Micro-blogging site Twitter has released a new feature for Two-Factor Authentication (2FA). The highlight of this feature is that users no longer need a mobile phone number to log in to their Twitter accounts. Currently, under 2FA, users need to enter a six-digit code that they receive via an SMS.
Twitter’s Safety team has announced the rollout of the new 2FA method for user authentication. “We want to give you the most secure experience on Twitter. Today, we updated our login process to support WebAuthn for an enhanced Two-Factor Authentication (2FA), so you can easily and securely authenticate your login with a single tap,” read the tweet.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
WebAuthn is an API that allows for strong browser-to-hardware-based authentication using devices such as security keys, mobile phones (NFC, BLE), and other built-in authenticators such as Touch ID.
The move comes after Twitter CEO Jack Dorsey’s account was hacked in spite of having 2FA. Hackers used SIM swapping to post tweets on Dorsey’s Twitter account via text messages using his mobile number.
To enable the new method of 2FA, go to the ‘Accounts’ section and click on Security > Two-Factor Authentication. Next, click on Authentication app and scan the QR code to enter the six-digit code displayed in the app.
Kayvon Beykpour, Product lead at Twitter, said that users can also unlink their already-linked App-Based 2FA by going to the Account settings while still keeping 2FA on.